Computer crime has continuously increased with the growth of Internet commerce and networked communications. With the growth of communication networks such as the Internet, the increasing amount of data interchange and the recent growth of cloud computing, the vulnerability of computers and servers through networked communication has become an increasingly significant issue. Furthermore, many organizations and businesses operate and maintain data centers to provide computing and information services to support their day-to-day operations. Data centers also provide computing services to businesses and individuals as a remote computing service or to provide software as a service. The services provided by data centers are extremely important to businesses as the continued and reliable availability of the computing services are important to the business's ongoing operations. It is thus necessary to provide reliable and secure computing services in order to minimize disruptions to customers of the computing services. Security is an important concern not only for service reliability but also for the protection of a customer's personal and proprietary information. A data center must therefore implement a secure computing environment in order to provide such protections. Services that control access to systems and data stored thereon must avoid allowing access to hackers and other unauthorized users, while allowing legitimate users to access the services and data.
A login mechanism is typically used to control access to a wide variety of information systems. The username and password-based login process is one common type of login service. When using this process, a user typically presents a username and a secret password to provide evidence that they are the authorized owner of an identity associated with the username. An unauthorized user may attempt to gain unauthorized access by guessing the username and/or secret password or by other means. An unauthorized user may also attempt to gain unauthorized access if the legitimate user's mobile phone, tablet or laptop is stolen or accessed without permission. The legitimate user's device may have accounts and online purchase options configured, and the unauthorized user may incur unauthorized expenses or attempt to access the legitimate user's remote services. The login service may attempt to prevent such illegitimate uses by making login attempts more difficult to compromise. However, such attempts may unnecessarily impact legitimate users.